...
This document describes the security training and awareness activities. The organization recognizes it is essential to have well trained users and support staff in order to achieve safe and secure operations of the infrastructure and the data on the infrastructure.
(maybe something on confidentiality, integrity and availability?).
The aim of security training and security awareness is to make sure that everyone involved with the acquisition, design, development, use and management of the infrastructure has actual and accurate knowledge about security, security techniques, rules, procedures and regulations, and knows how to apply this in day-to-day operations and in emergency situations. Security training and awareness is crafted for a role or a function and can even be crafted on individual persons when they have specialized tasks.
...
When someone start in a new function, a new role of starts using of managing a new system there should be an initial security training. This initial training gives all security details about the security aspects of the new role or function. It will make the new person acquaintance with rules and regulations, processes and procedures for both day-to-day operations and for emergency situations. This applies for both usage of systems and for acquiring, designing, developing and managing systems.
Repeat Training
After initial training all people involved should have a repeat training on regular intervals. These might cover the same subjects as the initial training but ideally go into more detail or tpouich diffenrent subjects or the same subjects from a differnet angle. Just as initial training repeat training must be focused on teh targetted audience. Some training might be generic for all involved, some repeat training will be subject and role specific.
Security awareness training
<…>
Training formats
Trainings can be in different formats. A training plan should use multiple formats and were possible training materials shoudl be available for reveiw after traiining.
Maintenance of trainings and the training plan
...